
Unprotected Bondu AI Toy Exposes 50,000 Kids' Chat Transcripts
Security researchers found Bondu's web console was almost entirely unprotected, letting anyone with a Gmail account access over 50,000 transcripts of children's chats plus personal details. Bondu briefly took the console offline, then relaunched with authentication and said the issue was fixed within hours with no evidence of access beyond the researchers. The incident highlights serious privacy risks in AI-powered toys, the potential misuse of sensitive child data, and the need for stronger access controls and vendor risk management, especially where third‑party AI services may handle such data.





